1. Focus on test sites. Common web security problems, principles and precautions. Security awareness: 1. SQL injection; 2. XSS (Cross-site scripting attack, Cross-Site Scripting); 3. CSRF (Cross-site request forgery, Cross-Site Request Forgery). 2. What is SQL injection? SQL injection and prevention: 1. specially crafted input parameters are passed to the web application, resulting in malicious SQL being executed on the backend; 2 since
[强网杯2019] Random bet. Test site; Ideas; Payload. Test site: stacked injection, prepared statements. Ideas: test `1' or 1=1 #`; it is preliminarily judged that there is SQL injection. Test the number of fields: an error is reported at 3 and no error at 2, indicating that the number of fields is 2. Test union injection
1. Cross-database injection. For example, two sites A and B are hosted under the same IP. If site A has a high-privilege (root) injection, it will cause data leakage of site B or of other web applications in the same database server. Demonstrated here with local site A: http://sqli-labs-master:100/Less-1/
Penetration testing knowledge combing - injection class - 1 - SQL injection - MySQL. 1. SQL injection; 1.1 Introduction to vulnerabilities; 1.2 Vulnerability hazards; 1.3 Vulnerability details; 1.3.1 MySQL injection; 1.3.1.1 Error-based injection: 1. floor(); 2. extractvalue(); 3. updatexml(); 4. geometrycollection(); 5. multipoint(); 6. polygon(); 7. multipolygon(); 8. linestring(); 9. multilinestring(); 10. exp(); 11. NAME_CONST(); 12.
Article directory: Point of use; Problem solving; Finish. Point of use: SQL error-based injection; SQL spaces, equal signs and string-truncation functions used to bypass filtering. Problem solving: SQL injection; errors are displayed, so it is character-type injection, closed with a single quotation mark: check.php?username=a'&password=1. The dash is filtered, so the comment symbol used is #: check.php?username=a'%23&
For more content, please follow my public account of the same name: programmers set sail. Vulnerability reproduction. At the beginning of the article, reproduce the JDBC deserialization vulnerability; the MySQL malicious service startup code is as follows:
# -*- coding:utf-8 -*-
import socket
import binascii
import os
import sys
import subprocess
First, a piece of PHP code to understand the basic principles:
<?php
header("Content-Type: text/html; charset=utf-8");
$get=$_GET['g'];
$post=$_POST['p'];
$cookie=$_COOKIE['c'];
$request=$_REQUEST['r'];
$host=$_SERVER['HTTP_HOST'];
$user_agent=$_SERVER["HTTP_USER_AGENT"];
$ip=$_SERVER["HTTP_X_FORWARDED_FOR"];
echo $get.
SQL Server injection. SQL Server database introduction: SQL Server is a relational database management system (DBMS) developed and promoted by Microsoft. It was originally jointly developed by Microsoft, Sybase and Ashton-Tate. Practice range: https://www.mozhe.cn/bug/detail/90 Enter the practice range and come to the old rules of